A Google Calendar notification pops up in your inbox. Should you click on it? Not so fast. Scammers are now taking advantage of a default setting in Google Calendar that automatically adds an event to your calendar to try and get your personal data. Here’s what you need to know.
How does the scam work?
Phishers are cybercriminals who get personal information such as usernames, passwords, and credit card information by posing as a trustworthy source. They have a database of email addresses they usually get from a leaked database or a public one from the darknet, forums, etc., says Jamie Cambell, a cybersecurity analyst for GoBestVPN.
Then they will send calendar invites to all the email addresses in their database. Once people are invited, Google will automatically add the events on victims’ calendar by default. When you receive the notification from Calendar, you’re more likely to click on it because it seems like it comes from your own calendar, Cambell says.
Meanwhile, the phishers have embedded a link in the invite. It will likely say something like “You’ve received a cash reward” or “There’s a money transfer in your name,” Wired reports. The links then encourage people to provide credit card information or other personal data.
And it may not be a one-time occurrence.
“They can also set the number of reminders to deliver the same message many times until the desired link is clicked or the invitation is deleted,” Maria Vergelis, a security researcher at the threat intelligence firm Kaspersky, told Wired. “And such an invitation automatically adds the notifications to one’s calendar. The delivery method is quite new and growing.” Here are some other common online scams you should know about.
How can you get rid of the invite?
So what should you do if you receive a fishy invite?
“The best thing to do is just ignore or block the email address of the sender, report it as a phishing attempt, and move on,” Cambell says. Here’s what happens when you respond to spam emails.
The good news? You should be able to protect yourself from another fraudulent invite by tweaking your settings. To make sure you don’t get another one, you can change your Google Calendar settings so events will not be added automatically. Here’s how:
-Open Google Calendar.
-In the top right, click the Settings Menu, then Settings.
-Next to “Events from Gmail,” uncheck the box next to “Add automatically.”
-At the bottom of the page, click Save.
Wondering whether your email address has already been compromised? You can check on websites such as HaveIBeenPwned. A final word of advice: Never click on strange links. To protect yourself further, find out 20 tricks that hackers don’t want you to know.